Share this Page

New Study Looks at Risks on Top Web Sites

Barracuda Labs recently released results from a study it conducted on risks consumers face on the Web, which found that every day a top site delivers malware.

The study, "Good Websites Gone Bad," analyzed the 25,000 most popular Web sites worldwide, as ranked by Alexa in February, for malware infections using an automated system.

"One of these tools is an automated system that forces a Web browser inside a Windows virtual machine to visit a URL to see what happens to the browser, its plugins, and the operating system," wrote Paul Royal, Barracuda research consultant, on a blog. "The resulting network-level actions of the virtual machine help us determine, without prior knowledge of specific exploits served to the browser or its extensions, whether a URL serves malicious content."

Conclusions of the report included:

Fifty-eight Web sites served "drive-by download exploits," exposing more than 10 million people to malware infections;

Domains in 18 countries served malware, with businesses in the United States hosting most of the infected sites at 43 percent, followed by the Netherlands at 19 percent; and

Fifty-four percent of infected Web sites have been up and running for more than five years, 43 percent have been up for 1 to 5 years, and 3 percent were created less than a year ago.

"Web security has shifted. If you are a popular Web site or company, the attackers want access to your users. Good sites gone bad is a serious problem," said Paul Judge, chief research officer at Barracuda Networks. "Users must be careful when visiting even long-time trusted sites, and also more than ever legitimate Web sites must take steps to protect their websites from compromise."

The study also found that, on average, two top-ranked Web site deliver malware content each day, "statistically guaranteeing that at least one popular Web site will serve malicious content every day," and the top domains served malware for 23 of the 30 days in February.

Tim Sohn is a 10-year veteran of the news business, having served in capacities from reporter to editor-in-chief of a variety of publications including Web sites, daily and weekly newspapers, consumer and trade magazines, and wire services. He can be reached at [email protected] and followed on Twitter @editortim.